Daily Archives2017 February 01

DDoSing (Distributed Denial Of Service): is the process of sending packets at a large rate forcing a network to crash. Many people use this technique to crash websites or home connections. Network packets: Data that is split into chunks (packets) sent between your computer and a router containing all the data you receive and send out. Booting: slang for the process of DDoSing, often used when talking about “knocking” someone offline.

The Many Ways to DDoS

To preform a DDoS attack you can choose from a wide range of methods, using a downloadable program such as HOIC (High Orbit Ion Cannon) to knock out someone’s connection is not the most effective way to carry out a DDoS attack as it usually ends up crashing your own network or severely lagging your network. Another problem with using your own network to DDoS is the fact that if you don’t use a Proxy or VPN, your IP Address is exposed to whoever you attacked.

DDoS Attack Protection

A solution to this problem is using a proxy list (www.hidemyass.com) or a free VPN (HotSpotShield). Another method used by many hackers is an online booter or “stresser”, codename for a DDoSer, like www.microstresser.com (This website used for testing your home connections strength, not to be used in malicious ways). Almost all stressers will be paid, but are much more effective due to their strength and 99% anonymityas it will trace back to the website. Also, I would like to remind you that DDoSing is a malicious and highly illegal act in the United States.

A Little Bit of History of DDoSing

A group given the credit of making DDoSing a popular and easy way to knock a connection/server out is the widely known hacker group Anonymous. Through chatrooms, skype, emails etc. many booters are spread out to members. The HOIC (High Orbit Ion Cannon) is the newer model of the previous LOIC (Low Orbit Ion Cannon), alone these booters aren’t too much of a threat, but with thousands of people using these at a time websites like PayPal or even major North Korean government websites can be shut down with the flood of packets sent by these groups.

Overall, DDoSing is an effective way to knock out your enemies internet, but is a highly illegal technique.

How Can I protect mySelf?

On your home network the cheapest and best way to protect yourself from DDoSing is use a VPN service the provided a tunneled network. Of course using VPN has other positive attributes and only cost around $6 a month good thing you not an internet company.

Server / Website

For Servers and websites DDoS protection doesn’t come cheap but is widely available. I recommend a service called cloud flare it’s fairly cheap with price ranging from $20 to $3000 per month.

Why would a Hacker DDoS?

Most of time the attack aimed at shutdown a website or server but high number of skid’s lately have been DDoS players into online games to cause them to time out and lose. Also hackers will DDoS a server to slow it down but not crash it so they crack the SSL key before it resets. It might be important to mention that hackers sometimes get paid to DDoS companies that are creating competition.

First off, I do not encourage the tactics I talk about to be used for malicious acts. A common way they convince someone to divulge information is by acting as a friend or pretending they don’t want the information you have.

Now just because someone says this doesn’t always mean they are engineering you, but it is a common way of engineering. Also, just because someone is your friend on the internet doesn’t mean they are “out to get you,” so basically, don’t be paranoid just be careful. Another technique is to befriend them and convince them you mean no harm, and eventually they will most likely tell you depending on what you are trying to receive.

Why Would Someone Do This?

There are many reasons as to why someone would want to engineer you, whether for monetary gains or for some other reason. If you are the owner of a website, server, business etc. always be careful when handing permissions or anything else someone might want to take and use to make your business their own. Many examples come from Minecraft Servers where an “Admin” or “Co-Owner” receives the FTP panel and removes the owner taking over the server. So always be weary and make sure you can trust the people you give permissions too as they may not be who you think they are, no matter how long you’ve known them.

Common Places For Social Engineering

A LOT of engineering happens over Skype, as it’s what many people use to talk over the internet and it’s actually quite easy to engineer people over this application instead of just plain chatting, but if you are engineering I wouldn’t recommend sharing personal details or using video chat. Also keep most talking out of chat and in Voice Calls, as not many people have the means to record audio but everyone can take screenshots of chat logs.